Thanks for this, and for the heads up about FV2. I’d read the spec on it, but it just went under the radar that once an authorised user unlocks the disk, there’s no encryption on the account folders (as with FV1).

Did you actually try the dscl . -passwd command in single user mode? It doesn’t work in Lion with FV2 enabled.

As far as I can tell, if FV2 is enabled, not only the admin password but also the users own passwd can’t be changed that way anymore, as they are themselves encrypted on the recovery disk, not in system/launchdaemons as in Snow (and presumably unencrypted Lion disks).